Export limit exceeded: 75160 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (75160 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-50907 | 1 E107 | 2 E107, E107 Cms | 2026-04-07 | 7.2 High |
| e107 CMS version 3.2.1 contains a file upload vulnerability that allows authenticated administrative users to bypass upload restrictions and execute PHP files. Attackers can upload malicious PHP files to parent directories by manipulating the upload URL parameter, enabling remote code execution through the Media Manager import feature. | ||||
| CVE-2022-50892 | 1 Viaviweb | 1 Wallpaper Admin | 2026-04-07 | 8.2 High |
| VIAVIWEB Wallpaper Admin 1.0 contains a SQL injection vulnerability that allows attackers to bypass authentication by manipulating login credentials. Attackers can exploit the login page by injecting 'admin' or 1=1-- - payload to gain unauthorized access to the administrative interface. | ||||
| CVE-2022-50890 | 2 Apple, Skyjos | 7 Ipados, Iphone Os, Macos and 4 more | 2026-04-07 | 7.5 High |
| Owlfiles File Manager 12.0.1 contains a path traversal vulnerability in its built-in HTTP server that allows attackers to access system directories. Attackers can exploit the vulnerability by crafting GET requests with directory traversal sequences to access restricted system directories on the device. | ||||
| CVE-2022-50806 | 1 4homepages | 1 4images | 2026-04-07 | 7.2 High |
| 4images 1.9 contains a remote command execution vulnerability that allows authenticated administrators to inject reverse shell code through template editing functionality. Attackers can save malicious code in the template and execute arbitrary commands by accessing a specific categories.php endpoint with a crafted cat_id parameter. | ||||
| CVE-2021-47904 | 1 Phreesoft | 1 Phreebookserp | 2026-04-07 | 8.8 High |
| PhreeBooks 5.2.3 contains an authenticated file upload vulnerability in the Image Manager that allows remote code execution. Attackers can upload a malicious PHP web shell by exploiting unrestricted file type uploads to gain command execution on the server. | ||||
| CVE-2021-47872 | 1 Seopanel | 1 Seo Panel | 2026-04-07 | 7.1 High |
| SEO Panel versions prior to 4.9.0 contain a blind SQL injection vulnerability in the archive.php page that allows authenticated attackers to manipulate database queries through the 'order_col' parameter. Attackers can use sqlmap to exploit the vulnerability and extract database information by injecting malicious SQL code into the order column parameter. | ||||
| CVE-2021-47865 | 1 Proftpd | 1 Proftpd | 2026-04-07 | 7.5 High |
| ProFTPD 1.3.7a contains a denial of service vulnerability that allows attackers to overwhelm the server by creating multiple simultaneous FTP connections. Attackers can repeatedly establish connections using threading to exhaust server connection limits and block legitimate user access. | ||||
| CVE-2021-47864 | 1 Osas | 1 Traverse Extension | 2026-04-07 | 7.8 High |
| OSAS Traverse Extension 11 contains an unquoted service path vulnerability in the TravExtensionHostSvc service running with LocalSystem privileges. Attackers can exploit the unquoted path to inject and execute malicious code by placing executable files in the service's path, potentially gaining elevated system access. | ||||
| CVE-2021-47863 | 1 Macpaw | 1 Encrypto | 2026-04-07 | 7.8 High |
| MacPaw Encrypto 1.0.1 contains an unquoted service path vulnerability in its Encrypto Service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files\Encrypto\ to inject malicious executables and escalate privileges on Windows systems. | ||||
| CVE-2021-47848 | 1 Satndy | 1 Aplikasi-biro-travel | 2026-04-07 | 8.2 High |
| Blitar Tourism 1.0 contains an authentication bypass vulnerability that allows attackers to bypass login by injecting SQL code through the username parameter. Attackers can manipulate the login request by sending a crafted username with SQL injection techniques to gain unauthorized administrative access. | ||||
| CVE-2021-47846 | 1 Iwantsourcecodes | 1 Digital Crime Report Management System | 2026-04-07 | 8.2 High |
| Digital Crime Report Management System 1.0 contains a critical SQL injection vulnerability affecting multiple login pages that allows unauthenticated attackers to bypass authentication. Attackers can exploit the vulnerability by sending crafted SQL injection payloads in email and password parameters across police, incharge, user, and HQ login endpoints. | ||||
| CVE-2026-5663 | 1 Offis | 1 Dcmtk | 2026-04-07 | 7.3 High |
| A security flaw has been discovered in OFFIS DCMTK up to 3.7.0. This impacts the function executeOnReception/executeOnEndOfStudy of the file dcmnet/apps/storescp.cc of the component storescp. Performing a manipulation results in os command injection. Remote exploitation of the attack is possible. The patch is named edbb085e45788dccaf0e64d71534cfca925784b8. Applying a patch is the recommended action to fix this issue. | ||||
| CVE-2021-47789 | 1 Yenkee | 3 Hornet Gaming Mouse, Yms 3029, Yms 3029 Firmware | 2026-04-07 | 7.5 High |
| Yenkee Hornet Gaming Mouse driver GM312Fltr.sys contains a buffer overrun vulnerability that allows attackers to crash the system by sending oversized input. Attackers can exploit the driver by sending a 2000-byte buffer through DeviceIoControl to trigger a kernel-level system crash. | ||||
| CVE-2021-47787 | 1 Totalav | 1 Totalav | 2026-04-07 | 7.8 High |
| TotalAV 5.15.69 contains an unquoted service path vulnerability in multiple system services running with LocalSystem privileges. Attackers can place malicious executables in specific unquoted path segments to potentially gain SYSTEM-level access by exploiting the service path configuration. | ||||
| CVE-2021-47786 | 1 Redragon | 29 Bm-4091, Bm-4091 Firmware, Gaming Mouse and 26 more | 2026-04-07 | 7.5 High |
| Redragon Gaming Mouse driver contains a kernel-level vulnerability that allows attackers to trigger a denial of service by sending malformed IOCTL requests. Attackers can send a crafted 2000-byte buffer with specific byte patterns to the REDRAGON_MOUSE device to crash the kernel driver. | ||||
| CVE-2021-47778 | 1 Get-simple | 1 Getsimplecms | 2026-04-07 | 7.2 High |
| GetSimple CMS My SMTP Contact Plugin 1.1.2 contains a PHP code injection vulnerability. An authenticated administrator can inject arbitrary PHP code through plugin configuration parameters, leading to remote code execution on the server. | ||||
| CVE-2021-47777 | 1 Ribccs | 1 Build Smart Erp | 2026-04-07 | 8.2 High |
| Build Smart ERP 21.0817 contains an unauthenticated SQL injection vulnerability in the 'eidValue' parameter of the login validation endpoint. Attackers can inject stacked SQL queries using payloads like ';WAITFOR DELAY '0:0:3'-- to manipulate database queries and potentially extract or modify database information. | ||||
| CVE-2021-47770 | 1 Openplcproject | 2 Openplc, Openplc V3 | 2026-04-07 | 8.8 High |
| OpenPLC v3 contains an authenticated remote code execution vulnerability that allows attackers with valid credentials to inject malicious code through the hardware configuration interface. Attackers can upload a custom hardware layer with embedded reverse shell code that establishes a network connection to a specified IP and port, enabling remote command execution. | ||||
| CVE-2021-47763 | 1 Aimeos | 1 Aimeos Laravel Ecommerce Platform | 2026-04-07 | 8.2 High |
| Aimeos 2021.10 LTS contains a SQL injection vulnerability in the json api 'sort' parameter that allows attackers to inject malicious database queries. Attackers can manipulate the sort parameter to reveal table and column names by sending crafted GET requests to the jsonapi/review endpoint. | ||||
| CVE-2021-47762 | 1 Httpdebugger | 1 Httpdebuggerpro | 2026-04-07 | 7.8 High |
| HTTPDebuggerPro 9.11 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the service configuration to inject malicious executables and gain elevated access to the system. | ||||